And the good Lord saw that clear was bad and gave us ssh...
If you care that much build an ssh tunnel to the db server and talk over
that.
-Original Message-
From: Jason Wong [mailto:[EMAIL PROTECTED]
Sent: 20 December 2004 17:29
To: php-general@lists.php.net
Subject: Re: [PHP] Using
symbulos partners wrote:
> What we would like to achieve?
>
> If a malicious user finds a way of entering of accessing the docroot (rwx)
> of a website with CMS (PHP + MySQL), we would like to have further barrier
> to him accessing the Mysql database.
>
> We had some problem with one hacker using
On Tuesday 21 December 2004 20:06, symbulos partners wrote:
> What we would like to achieve?
>
> If a malicious user finds a way of entering of accessing the docroot (rwx)
> of a website with CMS (PHP + MySQL), we would like to have further barrier
> to him accessing the Mysql database.
Like I sai
On Tuesday 21 December 2004 02:15, symbulos partners wrote:
> Sorry for the silly question, you are probably right.
Perhaps it would be better if you say what you are trying to achieve.
> Would it be possible to encrypt the whole file, so that the password could
> not be read?
Encryption is onl
What you might want to try doing is to create a "connect.php" file that
exists outside of your doc root that has the variables with your information
and simply include this file when you need to connect to your DB.
Now, this won't change the root problem - if someone's able to snoop your
transmis
Symbulos Partners wrote:
Jason Wong wrote:
Why? It's not going to offer any protection. If I know your encrypted
password and am able to access your database using it there is no reason
for me to know what your cleartext password is. In other words if I am
able to read the file containing your pass
symbulos partners wrote:
> Dear friends,
>
> is it possible to use encrypted passwords in php files, for connecting to
> a
> database?
>
> We do not like too much the idea of the password being in clear text.
>
> Example
> $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
>
> 'mys
Jason Wong wrote:
> Why? It's not going to offer any protection. If I know your encrypted
> password and am able to access your database using it there is no reason
> for me to know what your cleartext password is. In other words if I am
> able to read the file containing your password (whether enc
On Tuesday 21 December 2004 00:03, symbulos partners wrote:
> is it possible to use encrypted passwords in php files, for connecting to a
> database?
>
> We do not like too much the idea of the password being in clear text.
>
> Example
> $link = mysql_connect('localhost', 'mysql_user', 'mysql_passw
9 matches
Mail list logo
